Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
These are a set of CLs merged from the wv cdm repo to the android repo.
* Get System ID From OEM Cert
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37940 ]
(This is a merge of http://go/wvgerrit/30220 . However, it has been
significantly modified in the merge due to needing to support both
OpenSSL and BoringSSL.)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Test: widevine_ce_cdm_unittest
* Remove unique_ptr from oemcrypto mod mock
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/38500 ]
Because we can't have C++11.
Bug: 69935608
* Update CHANGELOG.md
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38460 ]
- Add items about adapter support.
- Add mention of SRM support.
Merged from cdm_partner_3.5
(Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)
* Add Adapter for OEMCrypto v13 to v12.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38440 ]
Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
(srm_requirement param).
* Allow certain warnings in protobuf build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38424 ]
maybe-uninitialized is triggered in release build. Allow it.
* Enable -fPIC for jsmc.c build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38423 ]
-fPIC was removed for common c/c++ build rules. Add it back.
* Missing OEMCrypto_LoadKeys param in static adapter.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38422 ]
srm_requirement param was omitted in v11 static adapter.
* Remove OEMCrypto v12 specification.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38421 ]
* Update documentation for v3.5.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38420 ]
* Added padded preprov key for 7880
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36924 ]
Bug: 68765915
* Change overrides in CE L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38380 ]
The 'override's are changed to the macro defined in override.h to
be gnu++98 compliant.
* Use source android level3 + add cache_flush call
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37900 ]
I put both changes in this CL since I have to generate Level3 libraries
for both anyways. The first change involves shifting from using a
prebuilt static library to using an obfuscated source library output
from the Haystack tool on google3. The second change is from here:
https://critique.corp.google.com/#review/176536782, and addresses
b/69387416. Since the cache_flush function wasn't being used, the
execution on Angler gave inconsistent segfaults, which this CL fixes.
Verified on Angler, Sailfish, and Linux.
11/27/17: Added mips and mips64 libraries.
* Make CDM result codes constexprs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38280 ]
The values in the enumeration list of CdmResponseType error codes
were earlier implicit. Comments were added to denote the actual
values. This changes to make it fixed values, which makes it slightly
more error prone, but cleaner when errors are retired.
* Change watchdog timer to 2 minutes
[ Merge of http://go/wvgerrit/36340 ]
This relaxes the watchdog timer around the level 3 oemcrypto
initialization to 120 seconds. There are also a couple of new log
messages at the end of initialization and at termination.
Library for arm updated:
level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/35480
* Add test to get service certificate from server.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37780 ]
This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55
* Add watch dog timer to OEMCrypto L3
commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/34260 ]
This code adds a watchdog timer to the level 3 initialization. If
initialization does not finish within 5 seconds, the process
will abort, printing a small amount of debugging information.
arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15
Test: unit tests on bullhead. Video on Play Movies.
GTS tests run on loop overnight.
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/33540
* Remove libwidevinehidl_utils dependency
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37822 ]
libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
which was introduced due to an out of order merge from oc-mr1-dev
to master.
Bug: 69573113
* Automatically generate log location information
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36563 ]
Currently class and method names are manually added to each log message
in the CDM on android and some other platforms. This change prepends
log messages with file name, line number and function name automatically.
The code is platform specific so it can be enabled and the precise
format configured on a per-platform basis.
As an example, here is a log on android before the change,
11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open:
Lock: requested_security_level: Default
and after,
11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open]
Lock: requested_security_level: Default
A follow on CL will remove the manually added class/method information.
Bug: 9261010
* Fix BoringSSL Compatibility of oec_session_util.cpp
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37121 ]
A previous change inadvertantly used APIs from OpenSSL that do not exist
in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
move all targets to BoringSSL, this patch switches that file to use
conditional compilation to choose the correct API depending on the
library in use. It does not otherwise change the behavior of the file.
Bug: 67908123
Test: wv_ce_cdm_unittest on x86-64
Test: linux_unit_tests
* Create local shared_ptr implementation
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37600 ]
Derived from protobuf version, which came from google3.
Removed locking (not thread-safe) and removed weak pointers (not
needed for usages in CDM).
Locking can easily be added if needed.
* Revert C++11 usage - back to gnu++98
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37440 ]
These changes roll back C++11-specific constructs:
std::unique_ptr -> std::auto_ptr
container initializers
nullptr -> NULL
std::shared_ptr to local shared_ptr
compiler flags (-std=c++11 -> -sdt=gnu++98)
NOTE: the "local" shared_ptr implementation is temporarily
a direct reference to the shared_ptr implementation in
third_party/protobuf. This has been fixed (implementation
extracted and moved to core/include) in CL 37600.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
These are a set of CLs merged from the wv cdm repo to the android repo.
* Enable Cast for Android Things build.
Author: Thoren Paulson <thoren@google.com>
[ Merge of http://go/wvgerrit/29941 ]
Added a path to make_cast_libwvlevel3 for Android Things. Added the new
system id to the preprocessor guards in android_keybox.cpp. Guarded the
references to stderr in page_allocator.cpp because for some reason they
don't get resolved when we link against the resulting library.
BUG: 63443584
* Resolve memory leaks in use of OpenSSL.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32700 ]
Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().
* Memory leak in OpenSSL RSA key handling.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32621 ]
This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
five tests and still loses 5 objects totalling 1320 bytes (down
from 6200 bytes).
* Unit test and mock OEMCrypto memory leaks.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32640 ]
More memory leak cleanup. All remaining leaks are due
to calls to CRYPTO_malloc() without the matching free
(i.e., calls into openssl).
* Clean up memory leaks in tests.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32600 ]
This is the first pass at cleaning up memory leaks. These leaks
were affecting a lot of tests, making it hard to identify more
serious leaks.
Switch to unique_ptr<> pointers for CdmEngine in
generic_crypto_unittest tests for FileSystem object in
mock OEMCrypto's CryptoEngine object.
* Fix broken tests - linux-only & address sanitizer failures.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32460 ]
Fix broken test:
WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest
Fix failures found by address sanitizer:
DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
DeviceFilesUsageInfoTest.UpdateUsageInfo
NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
a call with a Contains matcher as an argument, e.g.:
EXPECT_CALL(file,
Write(Contains(certificate, wrapped_private_key, 0),
Gt(certificate.size() + wrapped_private_key.size())))
The address sanitizer reports a crash, issues a report, and stops. A
temporary fix is to replace the "Contains()" argument with "_".
* Usage license handling corrections
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28540 ]
Validate that offline licenses that do not contain a provider session
token are not handled by the TEE.
BUG: 38490468
Test: WV Unit/integration tests, GtsMediaTestCases,
WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest
* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32220 ]
The function copies the pst from a variable length input vector
into a 256 byte character array. But the length argument was a
fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
can lead to memcpy reading out of bounds or the PST getting truncated.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
Merge from Widevine repo of http://go/wvgerrit/24728
We use compiler options to set different properties in the oemcrypto
mock. With this CL, we define a base class that has default
properties. All other variants need only define the properties that
they change.
b/35141278
b/37353534
Change-Id: Id38ec5bf35dcd83cea9a066ebe201e6da7c1a2b0
Merge from Widevine repo of http://go/wvgerrit/22797
CryptoEngine has a number of functions that return constants that
control the configuration of mock OEMCrypto. Give all the functions
a common prefix (config_) so their intent is more clear.
Change-Id: Idf9d3e9e8941fa0e793b0eb17a3f89bf634d9ed5
Merge from widevine repo of http://go/wvgerrit/21684
This CL adds provisioning 3.0 functionality to the OEMCrypto reference
implementation.
Change-Id: I60c1fd88f246d443e0ae59ad56862c2ea9d95445
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
